Hidden software secretly installed on cars, mobile phones, and laptops has put roughly two billion devices at risk of being hijacked or attacked by hackers, according to new research. The vulnerability is so widespread that even automobiles use the software that contains the security flaw, said security scientists presenting at the Black Hat USA security conference in Las Vegas this week.

The software, known as the Open Mobile Alliance Device Management (OMA-DM) protocol, is also found on many other devices connected to the Internet. It is installed by manufacturers at the behest of data and telephone carriers as a way to allow the companies to troubleshoot devices, deliver firmware updates and remotely change network configurations.

The vulnerability was discovered by Mathew Solnik and Marc Blanchou, security researchers with Denver-based firm Accuvant. They analyzed the OMA-DM implementation on devices for Apple, Android and BlackBerry sold in the U.S. and other countries. The two offered details of their research Wednesday in a presentation titled “Cellular Exploitation on a Global Scale: The Rise and Fall of the Control Protocol.”

Easy Access for Hackers

“Carriers embed control software into most mobile devices,” said Ryan Smith, Accuvant vice president and chief scientist. “Our researchers found serious security vulnerabilities in the carrier control software used in a large number of cell phones across platforms and carriers.”

The Accuvant scientists focused on an implementation of the protocol developed by Red Bend Software, which they said is installed on 70 percent to 90 percent of all carrier-sold phones on the planet.

Unfortunately, the way in which many carriers implement the security on the OMA-DM protocol makes it extremely easy for attackers to gain high-level access to customers’ devices. Controlling a device, such as a cell phone, through OMA-DM requires a two-part authorization code consisting of the device’s unique ID number and a secret security token provided by the carrier.

However, some carriers use the same token for every device on their networks. Under those circumstances, anyone who compares the authorization codes of two or more devices can easily extract the security token, and use it in combination with a device's ID number to gain access to it.

Cars with OnStar at Risk

Once a hacker is able to access a device remotely, he can listen in on phone conversations, steal passwords for a user’s financial accounts, or even hijack control of the device entirely. The security flaw can be found in a wide variety of mobile devices and platforms, including those built for Android, BlackBerry and a small number of iOS devices.

The vulnerability even extends to vehicles that make use of the OMA-DM protocol. Automobiles that have the OnStar roadside assistance service, for example, could be attacked by hackers through the exploit.

So it is not an issue with the phone manufacturers, but instead the carrier and their software. So to say "security flaw in a wide variety of Android, BlackBerry and some iOS mobile devices and platforms" is in fact incorrect.

What Is Splunk?
You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can Splunk do for you? Just ask.